and the people in charge of the web servers may not be authorized to be handling the security-related material they will be decrypting with the key and forwarding off.